Amazon's 'Manage Your Kindle' page reportedly has a flaw that could give hackers access to the user's cookies.
According to Benjamin Daniel Musserl, the user who discovered the bug, if users load a corrupted e-book containing malicious scripts into their Kindle library, either by downloading and importing it or by tapping 'Send to Kindle' on an untrustworthy website, hackers can get access to the user account's cookies.
Notably, corrupted e-books that are said to give access to a user's Amazon account cookies include scripts in their title, such as .
"Once an attacker manages to have an e-book (file, document, ...) with a title like added to the victim's library, the code will be executed as soon as the victim opens the Kindle Library web page. As a result, Amazon account cookies can be accessed by and transferred to the attacker and the victim's Amazon account can be compromised," stated Musserl in a blog post.
In addition, Musserl said that he discovered the bug back in October last year, but Amazon patched it soon after. However, the bug started showing again after Amazon introduced an overhauled 'Manage Your Kindle' section.
Users can, however, avoid the bug by importing e-books only from Amazon or other trustworthy sources. The company is yet to make an official comment on the issue.
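The flaw described above is a stored cross-site scripting issue: an e-book title is written into the library page without HTML encoding. The following is an added illustration, not Amazon's code and not from Musserl's post; the function names, markup and sample library entries are all constructed for the example.

```javascript
// Constructed sample library. The second title carries markup, standing in
// for the kind of script-bearing title the report describes.
const library = [
  { title: "Moby-Dick", author: "Herman Melville" },
  { title: "<script>/* constructed placeholder */</script>", author: "Unknown" },
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for use in HTML element content or quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: e-book metadata is concatenated into the page as-is,
// so markup in a title becomes markup in the library page.
function renderRowUnsafe(book) {
  return `<li><span class="title">${book.title}</span> by ${book.author}</li>`;
}

// Hardened pattern: every metadata field is encoded at output time.
function renderRowSafe(book) {
  return `<li><span class="title">${escapeHtml(book.title)}</span> by ${escapeHtml(book.author)}</li>`;
}

// Ingest-time check (defense in depth, not a substitute for encoding):
// flag titles that contain something shaped like an HTML tag.
function titleLooksLikeMarkup(title) {
  return /<\/?[a-zA-Z!][^>]*>/.test(title);
}

function renderLibrary(books, renderRow) {
  return `<ul>${books.map(renderRow).join("")}</ul>`;
}

// Stand-alone run: show both renderings and the ingest flag per title.
console.log(renderLibrary(library, renderRowUnsafe));
console.log(renderLibrary(library, renderRowSafe));
for (const book of library) {
  console.log(JSON.stringify(book.title), "flagged:", titleLooksLikeMarkup(book.title));
}
```

Setting the `HttpOnly` attribute on session cookies additionally keeps them unreadable to page scripts if an encoding fix regresses, as this one reportedly did after the page redesign.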
In July, Amazon announced the launch of a Kindle Unlimited ebooks and audiobooks subscription service. For $9.99 (roughly Rs. 610) a month, customers can read from over 600,000 Kindle books, and listen to thousands of Audible audiobooks, 'keeping' individual titles for as long as they want.